探測(cè)Windows2K/XP/2003本機(jī)系統(tǒng)信息
作者：TOo2y

Native API乃Windows用戶模式中為上層Win32 API提供接口的本機(jī)系統(tǒng)服務(wù)。平常我們總是調(diào)用MS為我們提供的公用的Win32 API函數(shù)來實(shí)現(xiàn)來實(shí)現(xiàn)我們系統(tǒng)的功能。（PS：前不久，偶寫了一個(gè)Windows任務(wù)管理器，支持對(duì)桌面，進(jìn)程/線程，系統(tǒng)性能，磁盤，環(huán)境變量，事件日志，網(wǎng)絡(luò)，設(shè)備驅(qū)動(dòng)，Win32服務(wù)，共享，用戶，系統(tǒng)及關(guān)機(jī)等信息的探測(cè)和控制，完全基于Win32 API，大家可以到我們的主頁(yè)下載）。今天我們要談的是如何通過本機(jī)系統(tǒng)服務(wù)(Native API）來探測(cè)本機(jī)系統(tǒng)信息。當(dāng)然，微軟沒有為我們提供關(guān)于本機(jī)系統(tǒng)服務(wù)的文檔(Undocumented)，也就是不會(huì)為對(duì)它的使用提供任何的保證，所以我們不提倡使用Native API來開發(fā)軟件。不過在特殊情況下，本機(jī)系統(tǒng)服務(wù)卻為我們提供了通向“秘密”的捷徑。本文提到的信息僅在Windows2000/XP/2003上測(cè)試過。

今天，我們主要討論的是一個(gè)函數(shù)NtQuerySystemInformation(ZwQuerySystemInformation)。當(dāng)然，你不要小看這么一個(gè)函數(shù)，它卻為我們提供了豐富的系統(tǒng)信息，同時(shí)還包括對(duì)某些信息的控制和設(shè)置。以下是這個(gè)函數(shù)的原型：

typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION) (IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL); NTQUERYSYSTEMINFORMATION NtQuerySystemInformation; 

從中可以看到，SystemInformationClass是一個(gè)類型信息，它大概提供了50余種信息，也就是我們可以通過這個(gè)函數(shù)對(duì)大約50多種的系統(tǒng)信息進(jìn)行探測(cè)或設(shè)置。SystemInformation是一個(gè)LPVOID型的指針，它為我們提供需要獲得的信息，或是我們需要設(shè)置的系統(tǒng)信息。SystemInformationLength是SystemInformation的長(zhǎng)度，它根據(jù)探測(cè)的信息類型來決定。至于ReturnLength則是系統(tǒng)返回的需要的長(zhǎng)度，通?？梢栽O(shè)置為空指針(NULL)。

首先，我們來看看大家比較熟悉的系統(tǒng)進(jìn)程/線程相關(guān)的信息。這個(gè)題目在網(wǎng)上已經(jīng)討論了N多年了，所以我就不在老生常談了，呵呵。那么就提出這個(gè)結(jié)構(gòu)類型的定義：

typedef struct _SYSTEM_PROCESSES { ULONG NextEntryDelta; //構(gòu)成結(jié)構(gòu)序列的偏移量； ULONG ThreadCount; //線程數(shù)目； ULONG Reserved1[6]; LARGE_INTEGER CreateTime; //創(chuàng)建時(shí)間； LARGE_INTEGER UserTime; //用戶模式(Ring 3)的CPU時(shí)間； LARGE_INTEGER KernelTime; //內(nèi)核模式(Ring 0)的CPU時(shí)間； UNICODE_STRING ProcessName; //進(jìn)程名稱； KPRIORITY BasePriority; //進(jìn)程優(yōu)先權(quán)； ULONG ProcessId; //進(jìn)程標(biāo)識(shí)符； ULONG InheritedFromProcessId; //父進(jìn)程的標(biāo)識(shí)符； ULONG HandleCount; //句柄數(shù)目； ULONG Reserved2[2]; VM_COUNTERS VmCounters; //虛擬存儲(chǔ)器的結(jié)構(gòu)，見下； IO_COUNTERS IoCounters; //IO計(jì)數(shù)結(jié)構(gòu)，見下； SYSTEM_THREADS Threads[1]; //進(jìn)程相關(guān)線程的結(jié)構(gòu)數(shù)組，見下； }SYSTEM_PROCESSES,*PSYSTEM_PROCESSES;
 typedef struct _SYSTEM_THREADS { LARGE_INTEGER KernelTime; //CPU內(nèi)核模式使用時(shí)間； LARGE_INTEGER UserTime; //CPU用戶模式使用時(shí)間； LARGE_INTEGER CreateTime; //線程創(chuàng)建時(shí)間； ULONG WaitTime; //等待時(shí)間； PVOID StartAddress; //線程開始的虛擬地址； CLIENT_ID ClientId; //線程標(biāo)識(shí)符； KPRIORITY Priority; //線程優(yōu)先級(jí)； KPRIORITY BasePriority; //基本優(yōu)先級(jí)； ULONG ContextSwitchCount; //環(huán)境切換數(shù)目； THREAD_STATE State; //當(dāng)前狀態(tài)； KWAIT_REASON WaitReason; //等待原因； }SYSTEM_THREADS,*PSYSTEM_THREADS;
 typedef struct _VM_COUNTERS { ULONG PeakVirtualSize; //虛擬存儲(chǔ)峰值大??； ULONG VirtualSize; //虛擬存儲(chǔ)大??； ULONG PageFaultCount; //頁(yè)故障數(shù)目； ULONG PeakWorkingSetSize; //工作集峰值大小； ULONG WorkingSetSize; //工作集大??； ULONG QuotaPeakPagedPoolUsage; //分頁(yè)池使用配額峰值； ULONG QuotaPagedPoolUsage; //分頁(yè)池使用配額； ULONG QuotaPeakNonPagedPoolUsage; //非分頁(yè)池使用配額峰值； ULONG QuotaNonPagedPoolUsage; //非分頁(yè)池使用配額； ULONG PagefileUsage; //頁(yè)文件使用情況； ULONG PeakPagefileUsage; //頁(yè)文件使用峰值； }VM_COUNTERS,*PVM_COUNTERS; typedef struct _IO_COUNTERS { LARGE_INTEGER ReadOperationCount; //I/O讀操作數(shù)目； LARGE_INTEGER WriteOperationCount; //I/O寫操作數(shù)目； LARGE_INTEGER OtherOperationCount; //I/O其他操作數(shù)目； LARGE_INTEGER ReadTransferCount; //I/O讀數(shù)據(jù)數(shù)目； LARGE_INTEGER WriteTransferCount; //I/O寫數(shù)據(jù)數(shù)目； LARGE_INTEGER OtherTransferCount; //I/O其他操作數(shù)據(jù)數(shù)目； }IO_COUNTERS,*PIO_COUNTERS; 

以上這些信息應(yīng)該是比較全面的了，在Win32 API里為我們提供了PSAPI(進(jìn)程狀態(tài))和ToolHelp32這兩種探測(cè)系統(tǒng)進(jìn)程/線程信息的方式，在Windows2K/XP/2003都支持它們。

現(xiàn)在，我們來看看系統(tǒng)的性能信息，性能結(jié)構(gòu)SYSTEM_PERFORMANCE_INFORMATION為我們提供了70余種系統(tǒng)性能方面的信息，真是太豐富了，請(qǐng)慢慢體會(huì)~

typedef struct _SYSTEM_PERFORMANCE_INFORMATION { LARGE_INTEGER IdleTime; //CPU空閑時(shí)間； LARGE_INTEGER ReadTransferCount; //I/O讀操作數(shù)目； LARGE_INTEGER WriteTransferCount; //I/O寫操作數(shù)目； LARGE_INTEGER OtherTransferCount; //I/O其他操作數(shù)目； ULONG ReadOperationCount; //I/O讀數(shù)據(jù)數(shù)目； ULONG WriteOperationCount; //I/O寫數(shù)據(jù)數(shù)目； ULONG OtherOperationCount; //I/O其他操作數(shù)據(jù)數(shù)目； ULONG AvailablePages; //可獲得的頁(yè)數(shù)目； ULONG TotalCommittedPages; //總共提交頁(yè)數(shù)目； ULONG TotalCommitLimit; //已提交頁(yè)數(shù)目； ULONG PeakCommitment; //頁(yè)提交峰值； ULONG PageFaults; //頁(yè)故障數(shù)目； ULONG WriteCopyFaults; //Copy-On-Write故障數(shù)目； ULONG TransitionFaults; //軟頁(yè)故障數(shù)目； ULONG Reserved1; ULONG DemandZeroFaults; //需求0故障數(shù)； ULONG PagesRead; //讀頁(yè)數(shù)目； ULONG PageReadIos; //讀頁(yè)I/O操作數(shù)； ULONG Reserved2[2]; ULONG PagefilePagesWritten; //已寫頁(yè)文件頁(yè)數(shù)； ULONG PagefilePageWriteIos; //已寫頁(yè)文件操作數(shù)； ULONG MappedFilePagesWritten; //已寫映射文件頁(yè)數(shù)； ULONG MappedFileWriteIos; //已寫映射文件操作數(shù)； ULONG PagedPoolUsage; //分頁(yè)池使用； ULONG NonPagedPoolUsage; //非分頁(yè)池使用； ULONG PagedPoolAllocs; //分頁(yè)池分配情況； ULONG PagedPoolFrees; //分頁(yè)池釋放情況； ULONG NonPagedPoolAllocs; //非分頁(yè)池分配情況； ULONG NonPagedPoolFress; //非分頁(yè)池釋放情況； ULONG TotalFreeSystemPtes; //系統(tǒng)頁(yè)表項(xiàng)釋放總數(shù)； ULONG SystemCodePage; //操作系統(tǒng)代碼頁(yè)數(shù)； ULONG TotalSystemDriverPages; //可分頁(yè)驅(qū)動(dòng)程序頁(yè)數(shù)； ULONG TotalSystemCodePages; //操作系統(tǒng)代碼頁(yè)總數(shù)； ULONG SmallNonPagedLookasideListAllocateHits; //小非分頁(yè)側(cè)視列表分配次數(shù)； ULONG SmallPagedLookasideListAllocateHits; //小分頁(yè)側(cè)視列表分配次數(shù)； ULONG Reserved3; ULONG MmSystemCachePage; //系統(tǒng)緩存頁(yè)數(shù)； ULONG PagedPoolPage; //分頁(yè)池頁(yè)數(shù)； ULONG SystemDriverPage; //可分頁(yè)驅(qū)動(dòng)頁(yè)數(shù)； ULONG FastReadNoWait; //異步快速讀數(shù)目； ULONG FastReadWait; //同步快速讀數(shù)目； ULONG FastReadResourceMiss; //快速讀資源沖突數(shù)； ULONG FastReadNotPossible; //快速讀失敗數(shù)； ULONG FastMdlReadNoWait; //異步MDL快速讀數(shù)目； ULONG FastMdlReadWait; //同步MDL快速讀數(shù)目； ULONG FastMdlReadResourceMiss; //MDL讀資源沖突數(shù)； ULONG FastMdlReadNotPossible; //MDL讀失敗數(shù)； ULONG MapDataNoWait; //異步映射數(shù)據(jù)次數(shù)； ULONG MapDataWait; //同步映射數(shù)據(jù)次數(shù)； ULONG MapDataNoWaitMiss; //異步映射數(shù)據(jù)沖突次數(shù)； ULONG MapDataWaitMiss; //同步映射數(shù)據(jù)沖突次數(shù)； ULONG PinMappedDataCount; //牽制映射數(shù)據(jù)數(shù)目； ULONG PinReadNoWait; //牽制異步讀數(shù)目； ULONG PinReadWait; //牽制同步讀數(shù)目； ULONG PinReadNoWaitMiss; //牽制異步讀沖突數(shù)目； ULONG PinReadWaitMiss; //牽制同步讀沖突數(shù)目； ULONG CopyReadNoWait; //異步拷貝讀次數(shù)； ULONG CopyReadWait; //同步拷貝讀次數(shù)； ULONG CopyReadNoWaitMiss; //異步拷貝讀故障次數(shù)； ULONG CopyReadWaitMiss; //同步拷貝讀故障次數(shù)； ULONG MdlReadNoWait; //異步MDL讀次數(shù)； ULONG MdlReadWait; //同步MDL讀次數(shù)； ULONG MdlReadNoWaitMiss; //異步MDL讀故障次數(shù)； ULONG MdlReadWaitMiss; //同步MDL讀故障次數(shù)； ULONG ReadAheadIos; //向前讀操作數(shù)目； ULONG LazyWriteIos; //LAZY寫操作數(shù)目； ULONG LazyWritePages; //LAZY寫頁(yè)文件數(shù)目； ULONG DataFlushes; //緩存刷新次數(shù)； ULONG DataPages; //緩存刷新頁(yè)數(shù)； ULONG ContextSwitches; //環(huán)境切換數(shù)目； ULONG FirstLevelTbFills; //第一層緩沖區(qū)填充次數(shù)； ULONG SecondLevelTbFills; //第二層緩沖區(qū)填充次數(shù)； ULONG SystemCall; //系統(tǒng)調(diào)用次數(shù)； }SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION; 

現(xiàn)在看到的是結(jié)構(gòu)SYSTEM_PROCESSOR_TIMES提供的系統(tǒng)處理器的使用情況，包括各種情況下的使用時(shí)間及中斷數(shù)目：

typedef struct __SYSTEM_PROCESSOR_TIMES { LARGE_INTEGER IdleTime; //空閑時(shí)間； LARGE_INTEGER KernelTime; //內(nèi)核模式時(shí)間； LARGE_INTEGER UserTime; //用戶模式時(shí)間； LARGE_INTEGER DpcTime; //延遲過程調(diào)用時(shí)間； LARGE_INTEGER InterruptTime; //中斷時(shí)間； ULONG InterruptCount; //中斷次數(shù)； }SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES; 

頁(yè)文件的使用情況，SYSTEM_PAGEFILE_INFORMATION提供了所需的相關(guān)信息：

typedef struct _SYSTEM_PAGEFILE_INFORMATION { ULONG NetxEntryOffset; //下一個(gè)結(jié)構(gòu)的偏移量； ULONG CurrentSize; //當(dāng)前頁(yè)文件大?。?ULONG TotalUsed; //當(dāng)前使用的頁(yè)文件數(shù)； ULONG PeakUsed; //當(dāng)前使用的頁(yè)文件峰值數(shù)； UNICODE_STRING FileName; //頁(yè)文件的文件名稱； }SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION; 

系統(tǒng)高速緩存的使用情況參見結(jié)構(gòu)SYSTEM_CACHE_INFORMATION提供的信息：

typedef struct _SYSTEM_CACHE_INFORMATION { ULONG SystemCacheWsSize; //高速緩存大??； ULONG SystemCacheWsPeakSize; //高速緩存峰值大?。?ULONG SystemCacheWsFaults; //高速緩存頁(yè)故障數(shù)目； ULONG SystemCacheWsMinimum; //高速緩存最小頁(yè)大??； ULONG SystemCacheWsMaximum; //高速緩存最大頁(yè)大小； ULONG TransitionSharedPages; //共享頁(yè)數(shù)目； ULONG TransitionSharedPagesPeak; //共享頁(yè)峰值數(shù)目； ULONG Reserved[2]; }SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION; 

附錄：(所有完整源代碼，您可以到我們FZ5FZ的主頁(yè)下載)。
1.T-PMList的頭文件源代碼：

#ifndef T_PMLIST_H #define T_PMLIST_H #include <windows.h> #include <stdio.h> #define NT_PROCESSTHREAD_INFO 0x05 #define MAX_INFO_BUF_LEN 0x500000 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) typedef LONG NTSTATUS; typedef struct _LSA_UNICODE_STRING { USHORT Length; USHORT MaximumLength; PWSTR Buffer; }LSA_UNICODE_STRING,*PLSA_UNICODE_STRING; typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; typedef struct _CLIENT_ID { HANDLE UniqueProcess; HANDLE UniqueThread; }CLIENT_ID; typedef CLIENT_ID *PCLIENT_ID; typedef LONG KPRIORITY; typedef struct _VM_COUNTERS { ULONG PeakVirtualSize; ULONG VirtualSize; ULONG PageFaultCount; ULONG PeakWorkingSetSize; ULONG WorkingSetSize; ULONG QuotaPeakPagedPoolUsage; ULONG QuotaPagedPoolUsage; ULONG QuotaPeakNonPagedPoolUsage; ULONG QuotaNonPagedPoolUsage; ULONG PagefileUsage; ULONG PeakPagefileUsage; }VM_COUNTERS,*PVM_COUNTERS; typedef struct _IO_COUNTERS { LARGE_INTEGER ReadOperationCount; LARGE_INTEGER WriteOperationCount; LARGE_INTEGER OtherOperationCount; LARGE_INTEGER ReadTransferCount; LARGE_INTEGER WriteTransferCount; LARGE_INTEGER OtherTransferCount; }IO_COUNTERS,*PIO_COUNTERS; typedef enum _THREAD_STATE { StateInitialized, StateReady, StateRunning, StateStandby, StateTerminated, StateWait, StateTransition, StateUnknown }THREAD_STATE; typedef enum _KWAIT_REASON { Executive, FreePage, PageIn, PoolAllocation, DelayExecution, Suspended, UserRequest, WrExecutive, WrFreePage, WrPageIn, WrPoolAllocation, WrDelayExecution, WrSuspended, WrUserRequest, WrEventPair, WrQueue, WrLpcReceive, WrLpcReply, WrVertualMemory, WrPageOut, WrRendezvous, Spare2, Spare3, Spare4, Spare5, Spare6, WrKernel }KWAIT_REASON; typedef struct _SYSTEM_THREADS { LARGE_INTEGER KernelTime; LARGE_INTEGER UserTime; LARGE_INTEGER CreateTime; ULONG WaitTime; PVOID StartAddress; CLIENT_ID ClientId; KPRIORITY Priority; KPRIORITY BasePriority; ULONG ContextSwitchCount; THREAD_STATE State; KWAIT_REASON WaitReason; }SYSTEM_THREADS,*PSYSTEM_THREADS; typedef struct _SYSTEM_PROCESSES { ULONG NextEntryDelta; ULONG ThreadCount; ULONG Reserved1[6]; LARGE_INTEGER CreateTime; LARGE_INTEGER UserTime; LARGE_INTEGER KernelTime; UNICODE_STRING ProcessName; KPRIORITY BasePriority; ULONG ProcessId; ULONG InheritedFromProcessId; ULONG HandleCount; ULONG Reserved2[2]; VM_COUNTERS VmCounters; IO_COUNTERS IoCounters; SYSTEM_THREADS Threads[1]; }SYSTEM_PROCESSES,*PSYSTEM_PROCESSES; typedef DWORD SYSTEM_INFORMATION_CLASS; typedef NTSTATUS (__stdcall *NTQUERYSYSTEMINFORMATION) (IN SYSTEM_INFORMATION_CLASS, IN OUT PVOID, IN ULONG, OUT PULONG OPTIONAL); NTQUERYSYSTEMINFORMATION NtQuerySystemInformation; DWORD EnumProcess() { PSYSTEM_PROCESSES pSystemProc; HMODULE hNtDll = NULL; LPVOID lpSystemInfo = NULL; DWORD dwNumberBytes = MAX_INFO_BUF_LEN; DWORD dwTotalProcess = 0; DWORD dwReturnLength; NTSTATUS Status; LONGLONG llTempTime; __try { hNtDll = LoadLibrary("NtDll.dll"); if(hNtDll == NULL) { printf("LoadLibrary Error: %d\n",GetLastError()); __leave; } NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation"); if(NtQuerySystemInformation == NULL) { printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError()); __leave; } lpSystemInfo = (LPVOID)malloc(dwNumberBytes); Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO, lpSystemInfo, dwNumberBytes, &dwReturnLength); if(Status == STATUS_INFO_LENGTH_MISMATCH) { printf("STATUS_INFO_LENGTH_MISMATCH\n"); __leave; } else if(Status != STATUS_SUCCESS) { printf("NtQuerySystemInformation Error: %d\n",GetLastError()); __leave; } printf("%-20s%6s%7s%8s%6s%7s%7s%13s\n","ProcessName","PID","PPID","WsSize","Prio.","Thread","Handle","CPU Time"); printf("--------------------------------------------------------------------------\n"); pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo; while(pSystemProc->NextEntryDelta != 0) { if(pSystemProc->ProcessId != 0) { wprintf(L"%-20s",pSystemProc->ProcessName.Buffer); } else { wprintf(L"%-20s",L"System Idle Process"); } printf("%6d",pSystemProc->ProcessId); printf("%7d",pSystemProc->InheritedFromProcessId); printf("%7dK",pSystemProc->VmCounters.WorkingSetSize/1024); printf("%6d",pSystemProc->BasePriority); printf("%7d",pSystemProc->ThreadCount); printf("%7d",pSystemProc->HandleCount); llTempTime = pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart; llTempTime /= 10000; printf("%3d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d:",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 1000; printf("%.3d",llTempTime); printf("\n"); dwTotalProcess ++; pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc->NextEntryDelta); } printf("--------------------------------------------------------------------------\n"); printf("\nTotal %d Process(es) !\n\n",dwTotalProcess); printf("PID\t ==> Process Identification\n"); printf("PPID\t ==> Parent Process Identification\n"); printf("WsSize\t ==> Working Set Size\n"); printf("Prio.\t ==> Base Priority\n"); printf("Thread\t ==> Thread Count\n"); printf("Handle\t ==> Handle Count\n"); printf("CPU Time ==> Processor Time\n"); } __finally { if(lpSystemInfo != NULL) { free(lpSystemInfo); } if(hNtDll != NULL) { FreeLibrary(hNtDll); } } return 0; } DWORD SpeciProcess(DWORD dwPID) { PSYSTEM_PROCESSES pSystemProc = NULL; PSYSTEM_THREADS pSystemThre = NULL; HMODULE hNtDll = NULL; LPVOID lpSystemInfo = NULL; DWORD dwNumberBytes = MAX_INFO_BUF_LEN; DWORD dwTotalProcess = 0; DWORD dwReturnLength; NTSTATUS Status; LONGLONG llTempTime; ULONG ulIndex; __try { hNtDll = LoadLibrary("NtDll.dll"); if(hNtDll == NULL) { printf("LoadLibrary Error: %d\n",GetLastError()); __leave; } NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation"); if(NtQuerySystemInformation == NULL) { printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError()); __leave; } lpSystemInfo = (LPVOID)malloc(dwNumberBytes); Status = NtQuerySystemInformation(NT_PROCESSTHREAD_INFO, lpSystemInfo, dwNumberBytes, &dwReturnLength); if(Status == STATUS_INFO_LENGTH_MISMATCH) { printf("STATUS_INFO_LENGTH_MISMATCH\n"); __leave; } else if(Status != STATUS_SUCCESS) { printf("NtQuerySystemInformation Error: %d\n",GetLastError()); __leave; } pSystemProc = (PSYSTEM_PROCESSES)lpSystemInfo; while(pSystemProc->NextEntryDelta != 0) { if(pSystemProc->ProcessId == dwPID) { printf("ProcessName:\t\t "); if(pSystemProc->ProcessId != 0) { wprintf(L"%-20s\n",pSystemProc->ProcessName.Buffer); } else { wprintf(L"%-20s\n",L"System Idle Process"); } printf("ProcessID:\t\t %d\t\t",pSystemProc->ProcessId); printf("ParentProcessID:\t%d\n",pSystemProc->InheritedFromProcessId); printf("KernelTime:\t\t "); llTempTime = pSystemProc->KernelTime.QuadPart; llTempTime /= 10000; printf("%d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d:",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 1000; printf("%.3d\t",llTempTime); printf("UserTime:\t\t"); llTempTime = pSystemProc->UserTime.QuadPart; llTempTime /= 10000; printf("%d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d:",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 1000; printf("%.3d\n",llTempTime); printf("Privilege:\t\t %d%%\t\t",(pSystemProc->KernelTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart)); printf("User:\t\t\t%d%%\n",(pSystemProc->UserTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart)); printf("ThreadCount:\t\t %d\t\t",pSystemProc->ThreadCount); printf("HandleCount:\t\t%d\n",pSystemProc->HandleCount); printf("BasePriority:\t\t %-2d\t\t",pSystemProc->BasePriority); printf("PageFaultCount:\t\t%d\n\n",pSystemProc->VmCounters.PageFaultCount); printf("PeakWorkingSetSize(K):\t %-8d\t",pSystemProc->VmCounters.PeakWorkingSetSize/1024); printf("WorkingSetSize(K):\t%-8d\n",pSystemProc->VmCounters.WorkingSetSize/1024); printf("PeakPagedPool(K):\t %-8d\t",pSystemProc->VmCounters.QuotaPeakPagedPoolUsage/1024); printf("PagedPool(K):\t\t%-8d\n",pSystemProc->VmCounters.QuotaPagedPoolUsage/1024); printf("PeakNonPagedPook(K):\t %-8d\t",pSystemProc->VmCounters.QuotaPeakNonPagedPoolUsage/1024); printf("NonePagedPook(K):\t%-8d\n",pSystemProc->VmCounters.QuotaNonPagedPoolUsage/1024); printf("PeakPagefile(K):\t %-8d\t",pSystemProc->VmCounters.PeakPagefileUsage/1024); printf("Pagefile(K):\t\t%-8d\n",pSystemProc->VmCounters.PagefileUsage/1024); printf("PeakVirtualSize(K):\t %-8d\t",pSystemProc->VmCounters.PeakVirtualSize/1024); printf("VirtualSize(K):\t\t%-8d\n\n",pSystemProc->VmCounters.VirtualSize/1024); printf("ReadTransfer:\t\t %-8d\t",pSystemProc->IoCounters.ReadTransferCount); printf("ReadOperationCount:\t%-8d\n",pSystemProc->IoCounters.ReadOperationCount); printf("WriteTransfer:\t\t %-8d\t",pSystemProc->IoCounters.WriteTransferCount); printf("WriteOperationCount:\t%-8d\n",pSystemProc->IoCounters.WriteOperationCount); printf("OtherTransfer:\t\t %-8d\t",pSystemProc->IoCounters.OtherTransferCount); printf("OtherOperationCount:\t%-8d\n\n",pSystemProc->IoCounters.OtherOperationCount); printf("%-5s%3s%4s%5s%5s%11s%12s%12s%7s%6s%9s\n","TID","Pri","BPr","Priv","User","KernelTime","UserTime","StartAddr","CSwitC","State","WtReason"); printf("-------------------------------------------------------------------------------\n"); for(ulIndex = 0; ulIndex < pSystemProc->ThreadCount; ulIndex++) { pSystemThre = &pSystemProc->Threads[ulIndex]; printf("%-5d",pSystemProc->Threads[ulIndex].ClientId.UniqueThread); printf("%3d",pSystemProc->Threads[ulIndex].Priority); printf("%4d",pSystemProc->Threads[ulIndex].BasePriority); printf("%4d%%",(pSystemProc->Threads[ulIndex].KernelTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart)); printf("%4d%%",(pSystemProc->Threads[ulIndex].UserTime.QuadPart * 100)/(pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart)); llTempTime = pSystemProc->Threads[ulIndex].KernelTime.QuadPart; llTempTime /= 10000; printf("%2d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d.",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 100; printf("%.2d ",llTempTime); llTempTime = pSystemProc->Threads[ulIndex].UserTime.QuadPart; llTempTime /= 10000; printf("%2d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d.",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 100; printf("%.2d ",llTempTime); printf(" 0x%.8X",pSystemProc->Threads[ulIndex].StartAddress); printf("%7d",pSystemProc->Threads[ulIndex].ContextSwitchCount); switch(pSystemProc->Threads[ulIndex].State) { case StateInitialized: printf("%6s","Init."); break; case StateReady: printf("%6s","Ready"); break; case StateRunning: printf("%6s","Run"); break; case StateStandby: printf("%6s","StBy."); break; case StateTerminated: printf("%6s","Term."); break; case StateWait: printf("%6s","Wait"); break; case StateTransition: printf("%6s","Tran."); break; case StateUnknown: printf("%6s","Unkn."); break; default: printf("%6s","Unkn."); break; } switch(pSystemProc->Threads[ulIndex].WaitReason) { case Executive: printf(" %-8s","Executi."); break; case FreePage: printf(" %-8s","FreePag."); break; case PageIn: printf(" %-8s","PageIn"); break; case PoolAllocation: printf(" %-8s","PoolAll."); break; case DelayExecution: printf(" %-8s","DelayEx."); break; case Suspended: printf(" %-8s","Suspend."); break; case UserRequest: printf(" %-8s","UserReq."); break; case WrExecutive: printf(" %-8s","WrExect."); break; case WrFreePage: printf(" %-8s","WrFrePg."); break; case WrPageIn: printf(" %-8s","WrPageIn"); break; case WrPoolAllocation: printf(" %-8s","WrPoolA."); break; case WrSuspended: printf(" %-8s","WrSuspe."); break; case WrUserRequest: printf(" %-8s","WrUsReq."); break; case WrEventPair: printf(" %-8s","WrEvent."); break; case WrQueue: printf(" %-8s","WrQueue"); break; case WrLpcReceive: printf(" %-8s","WrLpcRv."); break; case WrLpcReply: printf(" %-8s","WrLpcRp."); break; case WrVertualMemory: printf(" %-8s","WrVerMm."); break; case WrPageOut: printf(" %-8s","WrPgOut."); break; case WrRendezvous: printf(" %-8s","WrRende."); break; case WrKernel: printf(" %-8s","WrKernel"); break; default: printf(" %-8s","Unknown"); break; } printf("\n"); } printf("-------------------------------------------------------------------------------\n\n"); printf("Total %d Thread(s) !\n\n",ulIndex); dwTotalProcess ++; break; } pSystemProc = (PSYSTEM_PROCESSES)((char *)pSystemProc + pSystemProc->NextEntryDelta); } } __finally { if(dwTotalProcess == 0) { printf("Could not found the %d Process !\n",dwPID); } else { printf("TID:\t\t====>\tThread Identification\n"); printf("Pri:\t\t====>\tPriority\n"); printf("BPr:\t\t====>\tBase Priority\n"); printf("Priv:\t\t====>\tPrivilege\n"); printf("StartAddr:\t====>\tThread Start Address\n"); printf("CSwitC:\t\t====>\tContext Switch Count\n"); printf("WtReason:\t====>\tWait Reason\n"); } if(lpSystemInfo != NULL) { free(lpSystemInfo); } if(hNtDll != NULL) { FreeLibrary(hNtDll); } } return 0; } VOID Start() { printf("T-PMList, by TOo2y\n"); printf("E-mail: TOo2y@safechina.net\n"); printf("HomePage: www.safechina.net\n"); printf("Date: 05-10-2003\n\n"); return ; } VOID Usage() { printf("Usage:\tT-PMList [-e] | [-s PID]\n"); printf(" -e\t Enumerate All Processes\n"); printf(" -s PID Show Special Process Information with PID\n\n"); return ; } #endif 2.T-PMPerf的頭文件源代碼： #ifndef T_PMPERF_H #define T_PMPERF_H #include "windows.h" #include "stdio.h" #define SYSTEM_PERF_INFO 0x02 #define SYSTEM_PROC_TIME 0x08 #define SYSTEM_PAGE_INFO 0x12 #define SYSTEM_CACHE_INFO 0x15 #define MAX_INFO_BUF_LEN 0x500000 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) typedef LONG NTSTATUS; typedef DWORD SYSTEM_INFORMATION_CLASS; typedef struct _LSA_UNICODE_STRING { USHORT Length; USHORT MaximumLength; PWSTR Buffer; }LSA_UNICODE_STRING,*PLSA_UNICODE_STRING; typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; typedef struct _SYSTEM_PERFORMANCE_INFORMATION { LARGE_INTEGER IdleTime; LARGE_INTEGER ReadTransferCount; LARGE_INTEGER WriteTransferCount; LARGE_INTEGER OtherTransferCount; ULONG ReadOperationCount; ULONG WriteOperationCount; ULONG OtherOperationCount; ULONG AvailablePages; ULONG TotalCommittedPages; ULONG TotalCommitLimit; ULONG PeakCommitment; ULONG PageFaults; ULONG WriteCopyFaults; ULONG TransitionFaults; ULONG Reserved1; ULONG DemandZeroFaults; ULONG PagesRead; ULONG PageReadIos; ULONG Reserved2[2]; ULONG PagefilePagesWritten; ULONG PagefilePageWriteIos; ULONG MappedFilePagesWritten; ULONG MappedFileWriteIos; ULONG PagedPoolUsage; ULONG NonPagedPoolUsage; ULONG PagedPoolAllocs; ULONG PagedPoolFrees; ULONG NonPagedPoolAllocs; ULONG NonPagedPoolFress; ULONG TotalFreeSystemPtes; ULONG SystemCodePage; ULONG TotalSystemDriverPages; ULONG TotalSystemCodePages; ULONG SmallNonPagedLookasideListAllocateHits; ULONG SmallPagedLookasideListAllocateHits; ULONG Reserved3; ULONG MmSystemCachePage; ULONG PagedPoolPage; ULONG SystemDriverPage; ULONG FastReadNoWait; ULONG FastReadWait; ULONG FastReadResourceMiss; ULONG FastReadNotPossible; ULONG FastMdlReadNoWait; ULONG FastMdlReadWait; ULONG FastMdlReadResourceMiss; ULONG FastMdlReadNotPossible; ULONG MapDataNoWait; ULONG MapDataWait; ULONG MapDataNoWaitMiss; ULONG MapDataWaitMiss; ULONG PinMappedDataCount; ULONG PinReadNoWait; ULONG PinReadWait; ULONG PinReadNoWaitMiss; ULONG PinReadWaitMiss; ULONG CopyReadNoWait; ULONG CopyReadWait; ULONG CopyReadNoWaitMiss; ULONG CopyReadWaitMiss; ULONG MdlReadNoWait; ULONG MdlReadWait; ULONG MdlReadNoWaitMiss; ULONG MdlReadWaitMiss; ULONG ReadAheadIos; ULONG LazyWriteIos; ULONG LazyWritePages; ULONG DataFlushes; ULONG DataPages; ULONG ContextSwitches; ULONG FirstLevelTbFills; ULONG SecondLevelTbFills; ULONG SystemCall; }SYSTEM_PERFORMANCE_INFORMATION,*PSYSTEM_PERFORMANCE_INFORMATION; typedef struct __SYSTEM_PROCESSOR_TIMES { LARGE_INTEGER IdleTime; LARGE_INTEGER KernelTime; LARGE_INTEGER UserTime; LARGE_INTEGER DpcTime; LARGE_INTEGER InterruptTime; ULONG InterruptCount; }SYSTEM_PROCESSOR_TIMES,*PSYSTEM_PROCESSOR_TIMES; typedef struct _SYSTEM_PAGEFILE_INFORMATION { ULONG NetxEntryOffset; ULONG CurrentSize; ULONG TotalUsed; ULONG PeakUsed; UNICODE_STRING FileName; }SYSTEM_PAGEFILE_INFORMATION,*PSYSTEM_PAGEFILE_INFORMATION; typedef struct _SYSTEM_CACHE_INFORMATION { ULONG SystemCacheWsSize; ULONG SystemCacheWsPeakSize; ULONG SystemCacheWsFaults; ULONG SystemCacheWsMinimum; ULONG SystemCacheWsMaximum; ULONG TransitionSharedPages; ULONG TransitionSharedPagesPeak; ULONG Reserved[2]; }SYSTEM_CACHE_INFORMATION,*PSYSTEM_CACHE_INFORMATION; typedef NTSTATUS (__stdcall * NTQUERYSYSTEMINFORMATION) (IN SYSTEM_INFORMATION_CLASS, IN OUT PVOID, INT ULONG, OUT PULONG OPTION); NTQUERYSYSTEMINFORMATION NtQuerySystemInformation; DWORD PerfInfo() { SYSTEM_PERFORMANCE_INFORMATION SystemPerfInfo; HMODULE hNtDll = NULL; DWORD dwNumberBytes; DWORD dwReturnLength; NTSTATUS Status; LONGLONG llTempTime; __try { hNtDll = LoadLibrary("NtDll.dll"); if(hNtDll == NULL) { printf("LoadLibrary Error: %d\n",GetLastError()); __leave; } NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation"); if(NtQuerySystemInformation == NULL) { printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError()); __leave; } dwNumberBytes = sizeof(SYSTEM_PERFORMANCE_INFORMATION); Status = NtQuerySystemInformation(SYSTEM_PERF_INFO, &SystemPerfInfo, dwNumberBytes, &dwReturnLength); if(Status != STATUS_SUCCESS) { printf("NtQuerySystemInformation for Performance Error: %d\n",GetLastError()); __leave; } printf("IdleTime:\t\t"); llTempTime = SystemPerfInfo.IdleTime.QuadPart; llTempTime /= 10000; printf("%d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d:",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 1000; printf("%.3d\n",llTempTime); printf("ReadOperationCount:\t%-10d\t",SystemPerfInfo.ReadOperationCount); printf("ReadTransferCount:\t%d\n",SystemPerfInfo.ReadTransferCount); printf("WriteOperationCount:\t%-10d\t",SystemPerfInfo.WriteOperationCount); printf("WriteTransferCount:\t%d\n",SystemPerfInfo.WriteTransferCount); printf("OtherOperationCount:\t%-10d\t",SystemPerfInfo.OtherOperationCount); printf("OtherTransferCount:\t%d\n",SystemPerfInfo.OtherTransferCount); printf("AvailablePages:\t\t%-10d\t",SystemPerfInfo.AvailablePages); printf("TotalCommittedPage:\t%d\n",SystemPerfInfo.TotalCommittedPages); printf("CommitLimit:\t\t%-10d\t",SystemPerfInfo.TotalCommitLimit); printf("PeakCommitment:\t\t%d\n",SystemPerfInfo.PeakCommitment); printf("PageFault:\t\t%-10d\t",SystemPerfInfo.PageFaults); printf("WriteCopyFault:\t\t%d\n",SystemPerfInfo.WriteCopyFaults); printf("TransitionFault:\t%-10d\t",SystemPerfInfo.TransitionFaults); printf("DemandZeroFault:\t%d\n",SystemPerfInfo.DemandZeroFaults); printf("PagesRead:\t\t%-10d\t",SystemPerfInfo.PagesRead); printf("PageReadIos:\t\t%d\n",SystemPerfInfo.PageReadIos); printf("PagesWritten:\t\t%-10d\t",SystemPerfInfo.PagefilePagesWritten); printf("PageWriteIos:\t\t%d\n",SystemPerfInfo.PagefilePageWriteIos); printf("MappedFilePagesWritten:\t%-10d\t",SystemPerfInfo.MappedFilePagesWritten); printf("MappedFileWriteIos:\t%d\n",SystemPerfInfo.MappedFileWriteIos); printf("PagedPoolUsage:\t\t%-10d\t",SystemPerfInfo.PagedPoolUsage); printf("NonPagedPoolUsage:\t%d\n",SystemPerfInfo.NonPagedPoolUsage); printf("PagedPoolAllocs:\t%-10d\t",SystemPerfInfo.PagedPoolAllocs); printf("NonPagedPoolAllocs:\t%d\n",SystemPerfInfo.NonPagedPoolAllocs); printf("PagedPoolFrees:\t\t%-10d\t",SystemPerfInfo.PagedPoolFrees); printf("NonPagedPoolFrees:\t%d\n",SystemPerfInfo.NonPagedPoolFress); printf("SystemCodePage:\t\t%-10d\t",SystemPerfInfo.SystemCodePage); printf("TotalSystemCodePage:\t%d\n",SystemPerfInfo.TotalSystemCodePages); printf("TotalFreeSysPTE:\t%-10d\t",SystemPerfInfo.TotalFreeSystemPtes); printf("TotalSystemDriverPages:\t%d\n",SystemPerfInfo.TotalSystemDriverPages); printf("PagedPoolPage:\t\t%-10d\t",SystemPerfInfo.PagedPoolPage); printf("SystemDriverPage:\t%d\n",SystemPerfInfo.SystemDriverPage); printf("FastReadWait:\t\t%-10d\t",SystemPerfInfo.FastReadWait); printf("FastReadNoWait:\t\t%d\n",SystemPerfInfo.FastReadNoWait); printf("FastReadNoPossible:\t%-10d\t",SystemPerfInfo.FastReadNotPossible); printf("FastReadResourceMiss:\t%d\n",SystemPerfInfo.FastReadResourceMiss); printf("FastMdlReadWait:\t%-10d\t",SystemPerfInfo.FastMdlReadWait); printf("FastMdlReadNoWait:\t%d\n",SystemPerfInfo.FastMdlReadNoWait); printf("FastMdlReadNotPossible:\t%-10d\t",SystemPerfInfo.FastMdlReadNotPossible); printf("FastMdlReadResourceMiss:%d\n",SystemPerfInfo.FastMdlReadResourceMiss); printf("MapDataWait:\t\t%-10d\t",SystemPerfInfo.MapDataWait); printf("MapDataNoWait:\t\t%d\n",SystemPerfInfo.MapDataNoWait); printf("MapDataWaitMiss:\t%-10d\t",SystemPerfInfo.MapDataWaitMiss); printf("MapDataNoWaitMiss:\t%d\n",SystemPerfInfo.MapDataNoWaitMiss); printf("ReadAheadIos:\t\t%-10d\t",SystemPerfInfo.ReadAheadIos); printf("PinMappedDataCount:\t%d\n",SystemPerfInfo.PinMappedDataCount); printf("PinReadWait:\t\t%-10d\t",SystemPerfInfo.PinReadWait); printf("PinReadNoWait:\t\t%d\n",SystemPerfInfo.PinReadNoWait); printf("PinReadWaitMiss:\t%-10d\t",SystemPerfInfo.PinReadWaitMiss); printf("PinReadNoWaitMiss:\t%d\n",SystemPerfInfo.PinReadNoWaitMiss); printf("CopyReadWait:\t\t%-10d\t",SystemPerfInfo.CopyReadWait); printf("CopyReadNoWait:\t\t%d\n",SystemPerfInfo.CopyReadNoWait); printf("CopyReadWaitMiss:\t%-10d\t",SystemPerfInfo.CopyReadWaitMiss); printf("CopyReadNoWaitMiss:\t%-10d\n",SystemPerfInfo.CopyReadNoWaitMiss); printf("MdlReadWait:\t\t%-10d\t",SystemPerfInfo.MdlReadWait); printf("MdlReadNoWait:\t\t%d\n",SystemPerfInfo.MdlReadNoWait); printf("MdlReadWaitMiss:\t%-10d\t",SystemPerfInfo.MdlReadWaitMiss); printf("MdlReadNoWaitMiss:\t%d\n",SystemPerfInfo.MdlReadNoWaitMiss); printf("LazyWriteIos:\t\t%-10d\t",SystemPerfInfo.LazyWriteIos); printf("LazyWritePages:\t\t%d\n",SystemPerfInfo.LazyWritePages); printf("DataPages:\t\t%-10d\t",SystemPerfInfo.DataPages); printf("DataFlushes:\t\t%d\n",SystemPerfInfo.DataFlushes); printf("FirstLevelTbFills:\t%-10d\t",SystemPerfInfo.FirstLevelTbFills); printf("SecondLevelTbFills:\t%d\n",SystemPerfInfo.SecondLevelTbFills); printf("ContextSwitches:\t%-10d\t",SystemPerfInfo.ContextSwitches); printf("SytemCall:\t\t%d\n",SystemPerfInfo.SystemCall); printf("MemorySystemCachePage:\t\t\t%d\n",SystemPerfInfo.MmSystemCachePage); printf("SmallPagedLookasideListAllocateHits:\t%d\n",SystemPerfInfo.SmallPagedLookasideListAllocateHits); printf("SmallNonPagedLookasideListAllocateHits:\t%d\n",SystemPerfInfo.SmallNonPagedLookasideListAllocateHits); } __finally { if(hNtDll != NULL) { FreeLibrary(hNtDll); } } return 0; } DWORD ProcTime() { SYSTEM_PROCESSOR_TIMES SystemProcTime; HMODULE hNtDll = NULL; DWORD dwNumberBytes; DWORD dwReturnLength; NTSTATUS Status; LONGLONG llTempTime; __try { hNtDll = LoadLibrary("NtDll.dll"); if(hNtDll == NULL) { printf("LoadLibrary Error: %d\n",GetLastError()); __leave; } NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation"); if(NtQuerySystemInformation == NULL) { printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError()); __leave; } dwNumberBytes = sizeof(SYSTEM_PROCESSOR_TIMES); NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation"); if(NtQuerySystemInformation == NULL) { printf("GetProcAddress Error: %d\n",GetLastError()); __leave; } Status = NtQuerySystemInformation(SYSTEM_PROC_TIME, &SystemProcTime, dwNumberBytes, &dwReturnLength); if(Status != STATUS_SUCCESS) { printf("NtQuerySystemInformation for Processor Time Error: %d\n",GetLastError()); __leave; } printf("IdleTime:\t\t"); llTempTime = SystemProcTime.IdleTime.QuadPart; llTempTime /= 10000; printf("%d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d:",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 1000; printf("%.3d\n",llTempTime); printf("KernelTime:\t\t"); llTempTime = SystemProcTime.KernelTime.QuadPart; llTempTime /= 10000; printf("%d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d:",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 1000; printf("%.3d\n",llTempTime); printf("UserTime:\t\t"); llTempTime = SystemProcTime.UserTime.QuadPart; llTempTime /= 10000; printf("%d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d:",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 1000; printf("%.3d\n",llTempTime); printf("DpcTime:\t\t"); llTempTime = SystemProcTime.DpcTime.QuadPart; llTempTime /= 10000; printf("%d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d:",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 1000; printf("%.3d\n",llTempTime); printf("InterruptTime:\t\t"); llTempTime = SystemProcTime.InterruptTime.QuadPart; llTempTime /= 10000; printf("%d:",llTempTime/(60*60*1000)); llTempTime %= 60*60*1000; printf("%.2d:",llTempTime/(60*1000)); llTempTime %= 60*1000; printf("%.2d.",llTempTime/1000); llTempTime %= 1000; printf("%.3d\n",llTempTime); printf("InterruptCount:\t\t%d\n",SystemProcTime.InterruptCount); } __finally { if(hNtDll != NULL) { FreeLibrary(hNtDll); } } return 0; } DWORD PagefileInfo() { PSYSTEM_PAGEFILE_INFORMATION pSystemPagefileInfo; PVOID pBuffer; HMODULE hNtDll = NULL; DWORD dwNumberBytes; DWORD dwReturnLength; NTSTATUS Status; __try { hNtDll = LoadLibrary("NtDll.dll"); if(hNtDll == NULL) { printf("LoadLibrary Error: %d\n",GetLastError()); __leave; } NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation"); if(NtQuerySystemInformation == NULL) { printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError()); __leave; } dwNumberBytes = MAX_INFO_BUF_LEN; pBuffer = (LPVOID)malloc(dwNumberBytes); Status = NtQuerySystemInformation(SYSTEM_PAGE_INFO, pBuffer, dwNumberBytes, &dwReturnLength); if(Status != STATUS_SUCCESS) { printf("NtQuerySystemInformation for Pagefile Error: %d\n",GetLastError()); __leave; } pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)pBuffer; do { printf("CurrentPagefileSize:\t%d\n",pSystemPagefileInfo->CurrentSize); printf("TotalPagefileUsed:\t%d\n",pSystemPagefileInfo->TotalUsed); printf("PeakPagefileUsed:\t%d\n",pSystemPagefileInfo->PeakUsed); wprintf(L"PagefileFileName:\t%s\n",pSystemPagefileInfo->FileName.Buffer); pSystemPagefileInfo = (PSYSTEM_PAGEFILE_INFORMATION)((char *)pBuffer + pSystemPagefileInfo->NetxEntryOffset); }while(pSystemPagefileInfo->NetxEntryOffset != 0); } __finally { if(pBuffer != NULL) { free(pBuffer); } if(hNtDll != NULL) { FreeLibrary(hNtDll); } } return 0; } DWORD CacheInfo() { SYSTEM_CACHE_INFORMATION SystemCacheInfo; HMODULE hNtDll = NULL; DWORD dwNumberBytes; DWORD dwReturnLength; NTSTATUS Status; __try { hNtDll = LoadLibrary("NtDll.dll"); if(hNtDll == NULL) { printf("LoadLibrary Error: %d\n",GetLastError()); __leave; } NtQuerySystemInformation = (NTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"NtQuerySystemInformation"); if(NtQuerySystemInformation == NULL) { printf("GetProcAddress for NtQuerySystemInformation Error: %d\n",GetLastError()); __leave; } dwNumberBytes = sizeof(SYSTEM_CACHE_INFORMATION); Status = NtQuerySystemInformation(SYSTEM_CACHE_INFO, &SystemCacheInfo, dwNumberBytes, &dwReturnLength); if(Status != STATUS_SUCCESS) { printf("NtQuerySystemInformation for Cache Error: %d\n",GetLastError()); __leave; } printf("CacheWorkingSetSize:\t\t%d(KB)\n",SystemCacheInfo.SystemCacheWsSize/1024); printf("CacheWorkingSetPeakSize:\t%d(KB)\n",SystemCacheInfo.SystemCacheWsPeakSize/1024); printf("CacheWorkingSetFaults:\t\t%d\n",SystemCacheInfo.SystemCacheWsFaults); printf("CacheWorkingSetMinimum:\t\t%d\n",SystemCacheInfo.SystemCacheWsMinimum); printf("CacheWorkingSetMaximum:\t\t%d\n",SystemCacheInfo.SystemCacheWsMaximum); printf("TransitionSharedPages:\t\t%d\n",SystemCacheInfo.TransitionSharedPages); printf("TransitionSharedPagesPeak:\t%d\n",SystemCacheInfo.TransitionSharedPagesPeak); } __finally { if(hNtDll != NULL) { FreeLibrary(hNtDll); } } return 0; } VOID Start() { printf("T-PMPerf, by TOo2y\n"); printf("E-mail: TOo2y@safechina.net\n"); printf("HomePage: www.safechina.net\n"); printf("Date: 05-09-2003\n\n"); return ; } VOID Usage() { printf("Usage:\tT-PMPerf <Option>\n"); printf("Option:\n"); printf(" -Perf System Performance Information\n"); printf(" -Proc System Processor Information\n"); printf(" -Page System Pagefile Information\n"); printf(" -Cache System Cache Information\n"); return ; } #endif 

Reference: 《Windows NT/2000 Native API Reference》。

關(guān)于作者：
FZ5FZ，我們主要從事網(wǎng)絡(luò)/系統(tǒng)安全的學(xué)習(xí)與研究，深入編程技術(shù)的剖析與探討，堅(jiān)持原創(chuàng)，追求共享。
FZ5FZ 主頁(yè)：http://fz5fz.yeah.net